Vigil@nce: phpMyAdmin, disclosure of the installation path
February 2011 by Emmanuelle Lamandé
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the administrator has removed some files from phpMyAdmin, an
attacker can generate an error containing the installation path.
– Severity: 1/4
– Creation date: 08/02/2011
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin program is used to administer a MySQL database.
The /license.php, /changelog.php and /readme.php (version 2.11
only) pages read and display the LICENSE, ChangeLog and README
files. However, if the administrator has deleted these files, an
error occurs in the three PHP scripts, and the full access path to
phpMyAdmin is printed in the error message.
When the administrator has removed some files from phpMyAdmin, an
attacker can therefore generate an error containing the
installation path.
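The condition described above can be checked from the server side. The following shell function is an added example, not part of the Vigil@nce bulletin or of phpMyAdmin; the script/file pairs come from the description, while the function name `audit_pma_dir` and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a phpMyAdmin directory for the condition in this bulletin.
# The script/file pairs are the ones named in the description; the function
# name and the demo directory are hypothetical.

# Prints one line per deployed script whose companion text file is missing.
# Prints nothing when the directory is not affected.
audit_pma_dir() {
    dir=$1
    for pair in license.php:LICENSE changelog.php:ChangeLog readme.php:README; do
        script=${pair%%:*}   # PHP page that displays the file
        data=${pair#*:}      # text file the page reads
        # A script that is not deployed cannot raise the error
        # (readme.php only exists in version 2.11).
        if [ ! -f "$dir/$script" ]; then
            continue
        fi
        if [ ! -f "$dir/$data" ]; then
            echo "EXPOSED $script: $data is missing"
        fi
    done
    return 0
}

# Demo on a constructed directory tree (not a real installation):
# ChangeLog has been removed while changelog.php is still in place.
demo() {
    tmp=$(mktemp -d)
    touch "$tmp/license.php" "$tmp/changelog.php" "$tmp/LICENSE"
    audit_pma_dir "$tmp"
    rm -rf "$tmp"
}
demo
```

Each reported line identifies a page that will raise the error; restoring the text file or removing the corresponding script clears the finding.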
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-disclosure-of-the-installation-path-10342